The tremendous growth of SAS 70 audits has been felt in many industries, requiring service providers (commonly known as service organizations in the SAS 70 world) to undergo an annual SAS 70 Type II audit. If your organization is new to the SAS 70 audit process, here are some helpful tips for ensuring you find the right firm, a fair fee, along with other important considerations and factors regarding statement on auditing standards no. 70.
1. Find a firm that specializes in SAS 70 audits. This is not too terribly difficult as there are many firms out there providing this services for this specialized audit.
2. Make sure the firm has industry experience, not just general SAS 70 experience. Sounds easy, but it would be wise to pick a firm that has conducted SAS 70 audits in your industry, thus a have a working knowledge of your operations and what to expect
3. Define the scope EARLY. Make sure your organization and the CPA firm conducting the SAS 70 audit come to an understanding very early on regarding the scope of the audit. Too small a scope and the SAS 70 audit may have little value. Too large a scope and you may be spending more time, money, and effort than is needed.
4. Get a fixed fee for the audit. That’s right, make sure the proposal you receive is fixed, meaning it include all out of pocket, travel related expenses. A non-fixed fee proposal will likely tack on an additional 20% for out of pocket fees.
5. Ask for templates and questionnaires so you can conduct your own SAS 70 Readiness Assessment. Many CPA firm charge for this service, but some firms are willing to give you the templates free of charge. It’s a great tool for audit preparedness in regards to completing the SAS 70 audit in a successful manner.